V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
snail1988
V2EX  ›  问与答

Nginx 被别人用来做代理怎么破

  •  
  •   snail1988 · 2014-12-15 13:52:50 +08:00 · 8090 次点击
    这是一个创建于 3656 天前的主题,其中的信息可能已经有所发展或是发生改变。
    log 中有如下记录
    36.231.31.153 - - [15/Dec/2014:05:45:42 +0000] "GET http://weio1985.pixnet.net/blog/post/225556174 HTTP/1.1" 200 1620 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
    36.231.31.153 - - [15/Dec/2014:05:45:43 +0000] "GET http://weio1985.pixnet.net/blog/post/800&width=1024&referer= HTTP/1.1" 200 1634 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
    36.231.31.153 - - [15/Dec/2014:05:45:43 +0000] "GET http://weio1985.pixnet.net/blog/post/800&width=1024&referer= HTTP/1.1" 200 1634 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
    175.156.148.114 - - [15/Dec/2014:05:45:47 +0000] "CONNECT 78.140.173.252:80 HTTP/1.0" 400 181 "-" "-"
    怎么配置能禁止别人用来做代理?求解答
    16 条回复    2017-10-16 01:38:38 +08:00
    icedx
        1
    icedx  
       2014-12-15 13:53:40 +08:00
    上配置
    yanwen
        2
    yanwen  
       2014-12-15 14:00:53 +08:00
    我的服务器也是nginx的。。话说 怎么会被别人拿来做代理的???
    lzk800
        3
    lzk800  
       2014-12-15 14:00:57 +08:00
    你应该是自己开启了反代功能,然后没有限制来源IP地址吧
    snail1988
        4
    snail1988  
    OP
       2014-12-15 14:01:13 +08:00
    server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html/yiitimeserver/frontend/web;
    index index.php;

    # Make site accessible from http://localhost/
    server_name localhost;

    location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    try_files $uri $uri/ /index.php?$args;
    # Uncomment to enable naxsi on this location
    # include /etc/nginx/naxsi.rules
    }


    location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
    deny all;
    }
    }
    snail1988
        5
    snail1988  
    OP
       2014-12-15 14:02:40 +08:00
    @lzk800 恩,后面连接的php-fpm
    web完全不熟,应该可以限制只代理我的域名吧?
    shiny
        6
    shiny  
       2014-12-15 14:04:32 +08:00
    我觉得只是别人在扫描 http 代理吧?
    snail1988
        7
    snail1988  
    OP
       2014-12-15 14:12:49 +08:00
    23.225.206.4 - - [15/Dec/2014:06:12:21 +0000] "GET http://www.so.com/?rands=_2510213733289952325356524 HTTP/1.1" 200 114 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    23.225.206.4 - - [15/Dec/2014:06:12:21 +0000] "GET http://23.225.206.4/vs.php?rands=_1400492510623092681449488 HTTP/1.1" 404 579 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    23.225.206.4 - - [15/Dec/2014:06:12:21 +0000] "GET http://www.baidu.com/?rands=_14004103394224869041620016 HTTP/1.1" 200 114 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    23.225.206.4 - - [15/Dec/2014:06:12:21 +0000] "GET http://www.soso.com/?rands=_2922020291983713940733336 HTTP/1.1" 200 114 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    23.225.206.4 - - [15/Dec/2014:06:12:21 +0000] "GET http://218.59.238.92:8080/?rands=_2922022255724425120863444 HTTP/1.1" 200 114 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;Windows NT 5.1;Windows NT 5.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    snail1988
        8
    snail1988  
    OP
       2014-12-15 14:13:12 +08:00
    这种log应该是做代理上网呢吧?
    lzk800
        9
    lzk800  
       2014-12-15 14:15:26 +08:00   ❤️ 1
    server段中加入以下代码用于限制域名访问:
    valid_referers server_name *.abc.com abc.com;
    if ($invalid_referer) {
    return 403;
    }
    snail1988
        10
    snail1988  
    OP
       2014-12-15 14:21:50 +08:00
    @lzk800 谢谢
    我现在把我的server命名了,然后加了一个default_server指向404和这个原理是不是也差不多呢?
    现在看log,那些请求都404了
    lzk800
        11
    lzk800  
       2014-12-15 14:24:57 +08:00
    @snail1988 想怎么实现都可以,nginx的配置自由度比较大
    lqs
        12
    lqs  
       2014-12-15 14:29:22 +08:00
    只是在扫描代理而已,实际上返回的是你自己网站的内容。可以忽略掉。
    snail1988
        13
    snail1988  
    OP
       2014-12-15 14:35:27 +08:00
    @lzk800 还是不行。。。 重启niginx之后 还是有访问其他网站 200 的记录
    tftk
        14
    tftk  
       2014-12-15 19:43:25 +08:00
    主配置文件里加一条默认配置,没配置的域名都返回404 。


    server {
    return 404;
    }
    snail1988
        15
    snail1988  
    OP
       2014-12-16 10:37:42 +08:00
    谢谢大家回复,已经明白了
    附上一条wiki,很好的解释了这个问题,和我一样不明白的同学也可以看看
    http://wiki.apache.org/httpd/ProxyAbuse
    andyfoo
        16
    andyfoo  
       2017-10-16 01:38:38 +08:00
    刚看到自己服务器这日志惊了一下
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1012 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 27ms · UTC 19:56 · PVG 03:56 · LAX 11:56 · JFK 14:56
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.